'Tis the season to be cautious: ’Cyber 5’ is peak period for fraudsters warns PerimeterX co-founder

"This is an ongoing race and you need to run just to keep up with the pace, not to mention remain ahead of the curve," explains Ido Safruti

Allon Sinai 16:5720.12.20
The recent five-day holiday shopping period between Thanksgiving and Cyber Monday, with Black Friday sandwiched in between, was the biggest online shopping weekend in history. During the “Cyber 5” period, U.S. shoppers alone spent a record $34.36 billion on retail websites, according to Adobe, a 20.6% increase from 2019. This actually fell below projections for huge spikes in online shopping, which according to Adobe’s researchers was the result of the earlier start to the holiday shopping season likely influenced by retailers launching promotions prior to Cyber 5 to pull demand forward. Still, shoppers are spending faster in the holidays than in years previous, with global consumer spending for the first time eclipsing $100 billion from November 1 through Cyber Monday, reaching $106.5 billion.


The surge in e-commerce has not only benefited retailers who had a strong online presence even prior to the pandemic, or those who were quick in adopting the digitization revolution, but also malicious attackers looking to take advantage of newly created vulnerabilities in order to defraud companies and users.


This is where the likes of Israeli-founded and San Mateo, California-headquartered information security startup PerimeterX come into play, keeping hackers at bay with their line of products aimed at safeguarding web and mobile applications from evolving threats, such as account takeover, Magecart, and browser malware.


Ido Safruti, CTO and co-founder of PerimeterX. Photo: Courtesy Ido Safruti, CTO and co-founder of PerimeterX. Photo: Courtesy


PerimeterX, founded in 2014 by Omri Iluz, Ido Safruti and Ophir Ashkenazi, currently offers the Bot Defender, a behavior-based bot management solution that protects from automated attacks; Code Defender, a client-side application security solution that continuously protects websites from digital skimming, formjacking and Magecart attacks, and Page Defender, which preserves the intended online shopper experience by blocking unwanted coupon extensions and ad injections.


"Six years ago we went to different companies to hear feedback on our idea and one problem they raised that kept coming up was bot mitigation, identifying who is visiting the site and whether he is human or not and then to categorize them accordingly as either legitimate or non legitimate," Safruti told CTech. "So we started by trying to solve that and built our infrastructure which led to our first product, Bot Defender. Two years ago we released two more products, Code Defender and Page Defender which help protect from other threats facing web applications like information being leaked or attacks on servers."


Iluz and Safruti were already based out of Silicon Valley when they founded PerimeterX, moving to the U.S. when they were at Contendo, which was acquired by Akamai Technologies in March 2012. Nevertheless, they choose to set up PerimeterX's R&D center in Israel, with the company currently employing around 170 people, more or less split equally between the U.S. and Israel.


"We recognized the lack of a security and risk solution for web applications that is built and planned for current web scale and modern web architecture," Safruti said. "We sat together for several nights and came up with a creative way to do it. We had an advantage as we also had a security background and we were also part of Akamai, which builds large cloud infrastructure. Our concept is built around having connectors that expand the client's infrastructure. There is no need for the client to replace their infrastructure as our product interfaces with over 40 different frameworks. We essentially help make their framework smarter. We collect the information and analyze it ourselves and guide the framework on what it should do without forcing a new architecture on the client. They can use any technology or stack they want and allow their developers to work at any pace."


A recent testament to PerimeterX's growth could be seen in Deloitte's ‘North America Technology Fast 500’ list released last month in which the company was ranked 49th overall and among the top-10 companies residing in Silicon Valley. Deloitte reported that PerimeterX recorded growth of 3,637% , according to the ranking devised by monitoring the fiscal year revenue growth of each company between the years of 2016 to 2019.


"Our main vertical is e-commerce and obviously this sector has been booming since the start of the pandemic," said Safruti. "For example, e-learning clients of ours experienced growth that sometimes reached tenfold in traffic and new users. The attackers also quickly moved to this vector and we saw a very big increase in the number of attacks. We saw a big rise in account takeover attacks. In these instances, an attacker has a database of usernames and passwords stolen in previous attacks and uses an army of bots to try and use this information to enter accounts on numerous websites as most users use the same username and password on all their online accounts because it isn't easy to remember many different passwords.”


Safruti noted that despite all the publicity ransomware attacks have received recently, "most attackers don't care about ransomware."


"If they manage to break into a server they want to profit as much money as possible for as long as possible without being discovered. For example, they can plant malicious code that can run on the browsers of the clients and every time a user enters credit card and personal details, it automatically transfers them to their server and then they can exploit it any way they like. These types of scripts can sometimes sit on servers for weeks and months without being discovered. This is far more profitable than a one-off ransomware attack. Ransomware receives far more coverage but a lot more money is being made in attacks that no one knows about. Code Defender tackles this. It runs continuously and studies the behavior of the application and recognizes if there has been any change, for example, a script that wasn't there before or a script that started gathering information it isn't supposed to and is sending it to a new domain. If it identifies any such change it will automatically alert to it, or block it, depending on the preferences of the client."


PerimeterX has raised $91.5 million to date, with its most recent round coming in February 2019. "You take money when there is an opportunity and not necessarily when you need to,” explained Safruti. “That round really helped us to enter the pandemic in a good position.”


Safruti wouldn’t say whether the company is planning another round in the near future, but noted that “there is a lot of interest and we are growing and succeeding and this is a very hot and attractive market.”


Over the recent five-day holiday shopping spree, PerimeterX processed record traffic of 93.7 billion total requests. The peak volume of requests the company processed exceeded 1.5 million per second. Based on internal estimates of traffic and purchasing volumes, PerimeterX protected more than $12 billion in global e-commerce transactions for Cyber 5 2020, setting a new company record.


"One of the challenges security companies have is that you need to solve a problem that is difficult to start with and you have competition, but in addition the problem is always changing because the attackers and the patterns you are trying to identify are also evolving and are reacting to what you do, " Safruti added. "We have a pretty big research team that examines and analyzes developments and tries to think like the attackers and tries to find breaches in our products. Our researchers also analyze attack tools and infiltrate the forums in which the attackers chat to see what they are talking about and to ensure we are ready. This is an ongoing race and you need to run just to keep up with the pace, not to mention remain ahead of the curve."